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AMENDMENTS TO THE CLAIMS 

1-54. (Canceled) 

55. (New) A computer-implemented method for privacy management, comprising: 
providing a linked collection of Web pages, comprising at least first and second 

Web pages, on a Web site maintained by an enterprise, so as to enable a user to exchange 
information with the enterprise via the Web pages; 

assigning respective, non-uniform privacy policies to at least some of the Web 
pages regarding use of the information that is exchanged through the Web pages, the 
privacy policies comprising at least a first privacy policy assigned to the first Web page and 
a second, different privacy policy assigned to the second Web page; 

providing to the user accessing the first and second Web pages the respective 
privacy policies for the first and second Web page; and 

exchanging the information with the user via the Web site subject to the non- 
uniform privacy policies, such that at least a first portion of the information is exchanged 
via the first Web page subject to the first privacy policy, and at least a second portion of 
the information is exchanged via the second Web page subject to the second privacy policy. 

56. (New) A method according to claim 55, wherein exchanging the information with 
the user comprises receiving private information submitted to the enterprise by the user. 

57. (New) A method according to claim 56, wherein receiving the private information 
comprises receiving the user's agreement to at least one of the privacy policies, and 
recording the private information together with an indication of the at least one of the 
privacy policies agreed upon. 

58. (New) A method according to claim 57, and comprising: 

intercepting a request from an application to use the private information received 
from the user; 

querying the application to determine its compliance with the at least one of the 
privacy policies subject to which the requested information was received; and 

providing the requested information subject to the compliance of the application 
with the at least one of the privacy policies. 

59. (New) A method according to clahn 55, wherein providing the linked collection of 
Web pages comprises arranging the Web pages in a hierarchy of nodes that comprises a 
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root node, such that each of the nodes except for the root node has a parent node in the 
hierarchy, and 

wherein assigning the privacy policies comprises assigning to each of at least some 
of the nodes, including the nodes associated with the first and second Web pages, one or 
more respective privacy rules regarding use of the information that is associated with the 
nodes, and setting for each of the nodes a node privacy policy that comprises the privacy 
rules assigned to the node combined, for each of the nodes except the root node, with the 
node privacy policy of its parent node. 

60. (New) A metiiod according to claim 55, wherein providing the respective privacy 
policies comprises informing the user who has exchanged the information associated with 
the first Web page subject to the first privacy policy of a difference in the second privacy 
policy relative to the first privacy policy before exchanging the information associated with 
the second Web page. 

61. (New) A method according to claim 55, wherein assigning the non-uniform privacy 
policies comprises assigning an initial privacy policy to the first Web page, and 
subsequendy making a change in the initial privacy policy so as to assign a modified 
privacy policy to the first Web page, and wherein providing the privacy policies to the user 
comprises informing the user who has exchanged information with the first Web page 
subject to the initial privacy policy of the change. 

62. (New) A method according to claim 61, wherein informing the user comprises 
prompting the user to provide an input to indicate whedier the user accepts or rejects the 
change. 

63. (New) A method according to claim 55, wherein assigning the privacy policies 
comprises storing the privacy policies in a computer server belonging to the enterprise, and 
wherein providing the privacy policies to the user comprises intercepting a request by the 
user to access the first Web page and providing the first privacy policy to the user 
responsive to the request. 

64. (New) A method according to claim 55, wherein providing the privacy policies 
comprises conveying the policies in a standard form for presentation by a Web browser. 

65. (New) A method according to claim 64, wherein the standard form comprises a 
form specified by the Platform for Privacy Preferences Project (P3P). 
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66. (New) A method according to claim 55, wherein assigning the non-uniform privacy 
policies comprises determining a rating for each of the policies based on a predetermined 
rating scale. 

67. (New) A method according to claim 55, wherein assigning the non-uniform privacy 
policies comprises defining first and second user classes and defining, for a given one of 
the Web pages, different first and second class privacy policies, respectively, for the first 
and second user classes, and wherein providing the privacy policies to the user comprises 
determining whether the user belongs to the first or second class, and providing the first or 
the second class privacy policy accordingly. 

68. (New) A computer-implemented method for privacy management, comprising: 
arranging a body of mformation in a hierarchy of nodes that comprises a root node, 

such that each of the nodes except for the root node has one or more ancestor nodes in the 
hierarchy; 

assigning to each of at least some of the nodes one or more respective privacy rules 
regarding use of the information that is associated with the node; 
receiving a request from a user to access a given node; 

computing a node privacy policy for the given node by combining the privacy rules 
assigned to the given node with node privacy policies of the ancestor nodes of the given 
node in the hierarchy; 

providing the computed node privacy policy to the user; and 

exchanging with the user at least a portion of the information that is associated with 
the given node subject to the provided privacy policy. 

69. (New) A method according to claim 68, wherein exchanging the information with 
the user comprises receiving private information submitted by the user. 

70. (New) A method according to claim 68, wherein arranging the body of information 
comprises associating the nodes with respective Web pages accessible through a Web site. 

71. (New) A method according to claim 68, wherein assigning the respective privacy 
rules comprises representing the privacy rules assigned to each of the at least some of the 
nodes as respective policy sections, which are written in an extended markup language 
(XML) and comprise an attribute identifying a parent node in the hierarchy. 

72. (New) A computer-implemented method for privacy management, comprising: 
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providing a linked collection of interactive resources through which a user is able to 
exchange information with an enterprise diat provides the resources, at least some of the 
resources having privacy policies associated therewith regarding use of the information that 
is exchanged through the resources; 

receiving information from users who access the resources subject to the privacy 
policies; 

intercepting a request from an application to use the information received from the 

users; 

upon receiving the request from the application, querying the application to 
determine compliance of the application with the privacy policies subject to which the 
requested information was received; and 

providing the requested information to the application subject to the compliance of 
the application with the privacy policies. 

73. (New) A method according to claim 72, wherein the collection of interactive 
resources comprises a collection of Web pages accessible through a Web site of the 
enterprise. 

74. (New) A method accordmg to claim 72, wherein providing the linked collection of 
resources comprises associating non-uniform privacy policies with the resources, and 
wherein receiving the information comprises receiving and storing different items of the 
information subject to different privacy rules from among the non-uniform privacy policies. 

75. (New) A method according to claim 74, wherein providing the requested 
information comprises checking the compliance of the application with the privacy rules 
respectively applicable to each of the items of the information requested by the application. 

76. (New) A method according to claun 74, wherein providing the requested 
information comprises determining that the application does not comply with the rules 
respectively applicable to a given item of the mformation, and refusing to provide the 
requested information with respect to the given item, while providing other information 
with respect to which the application does comply with the respectively applicable rules. 

77. (New) A method according to claim 72, wherein receiving the information 
comprises receiving die information from first and second users subject to respective first 
and second privacy policies, and wherein providing the requested information comprises 
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checking the compliance of the application with both the first and the second privacy 
policies. 

78. (New) A method according to claim 72, and comprising making a record of the 
request and of the information provided responsive thereto in a log for review in a 
subsequent privacy audit. 

79. (New) Apparatus for privacy management, comprising a computer enterprise server 
arranged to provide a linked collection of Web pages, comprising at least first and second 
Web pages, on a Web site maintained by an enterprise, so as to enable a user to exchange 
information with the enterprise via the Web pages, and to assign respective, non-uniform 
privacy policies to at least some of the Web pages regarding use of the information that is 
exchanged through the Web pages, the privacy policies comprising at least a first privacy 
policy assigned to tiie first Web page and a second, different privacy policy assigned to the 
second Web page, and further arranged to provide to the user accessing the first and second 
Web pages the respective privacy policies for the first and second Web page, and to 
exchange the information with the user via the Web site subject to the non-uniform privacy 
policies, such that at least a first portion of the information is exchanged via the first Web 
page subject to the first privacy policy, and at least a second portion of the information is 
exchanged via the second Web page subject to the second privacy policy. 

80. (New) Apparatus according to claim 79, wherein the information exchanged with 
the user comprises private information submitted to the enterprise by the user. 

81. (New) Apparatus according to claim 80, wherein the server is arranged to receive 
the user's agreement to at least one of the privacy policies, and to record the private 
information together with an indication of the at least one of the privacy policies agreed 
upon. 

82. (New) Apparatus according to claim 81, wherein the server is further arranged to 
intercept a request fi-om an application to use the private information received from the 
user, to query the application to determine its compliance with the at least one of the 
privacy policies subject to which the requested information was received, and to provide 
the requested information subject to the compliance of the application with die at least one 
of the privacy policies. 

83. (New) Apparatus according to claim 79, wherein the Web pages are arranged in a 
hierarchy of nodes that comprises a root node, such that each of the nodes except for the 
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root node has a parent node in the hierarchy, and wherein the server is arranged to 
associate with each of at least some of the nodes, including the nodes associated with the 
first and second Web pages, one or more respective privacy rules regarding use of the 
information that is associated with the nodes, and to set for each of the nodes a node 
privacy policy that comprises the privacy rules assigned to the node combined, for each of 
the nodes except the root node, with the node privacy policy of its parent node. 

84. (New) Apparatus according to claim 79, wherein the server is arranged to inform 
the user who has exchanged the information associated with the &st Be page to the first 
privacy policy of a difference in the second privacy policy relative to the first privacy 
policy before exchanging the information associated with the second Web page. 

85. (New) Apparatus according to claim 79, wherein the server is arranged to assign an 
initial privacy policy to the first Web page, and subsequently to receive an indication of a 
change in the initial privacy policy so as to assign a modified privacy policy to the first 
Web page, and to inform a user who has exchanged information with the first Web page 
subject to the initial privacy policy of the change. 

86. (New) Apparatus according to claim 85, wherein the server is arranged to generate 
a prompt to the user to provide an input to indicate whether the user accepts or rejects the 
change. 

87. (New) Apparatus according to claim 79, wherein the server is adapted to convey 
the policy to a client computer m a standard form for presentation by a Web browser. 

88. (New) Apparatus according to claim 87, wherein the standard form comprises a 
form specified by the Platform for Privacy Preferences Project (P3P). 

89. (New) Apparatus according to claim 79, wherein the server is arranged to 
determine a rating for each of the policies based on a predetermined rating scale. 

90. (New) Apparatus according to claim 79, wherein the server is arranged to receive a 
definition of first and second user classes and, for a given one of the resources, different 
first and second class privacy policies, respectively, for the first and second user classes, 
and to determine whether the user belongs to the first or second class and to provide the 
first or the second class privacy policy to the user accordingly. 

91. (New) Apparatus for privacy management, comprising a computer server arranged 
to receive and store a body of information in a hierarchy of nodes that comprises a root 
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node, such that each of the nodes except for the root node has one or more ancestor nodes 
in the hierarchy, together with an assignment to each of at least some of the nodes of one or 
more respective privacy rules regarding use of the information that is associated with the 
node, 

wherein the server is arranged, in response a request from a user to access a given 
node, to compute a node privacy policy for the given node by combining the privacy rules 
assigned to the given node with node privacy policies of the ancestor nodes of the given 
node in the hierarchy, to provide the computed node privacy policy to the user, and to 
exchange with die user at least a portion of the information that is associated with the given 
node subject to the provided privacy policy. 

92. (New) Apparatus according to claim 91, wherein the information exchanged with 
the user comprises private information submitted to the server by the user. 

93. (New) Apparatus according to claim 91, wherein the body of information comprises 
a collection of Web pages accessible through a Web site, and wherein the server is 
arranged to associate the nodes with respective ones of the Web pages. 

94. (New) A method according to clahn 91, wherein the server is arranged to represent 
the privacy rules assigned to each of the at least some of the nodes as respective policy 
sections, which are written in an extended markup language (XML) and comprise an 
attribute identifying a parent node in the hierarchy. 

95. (New) Apparatus for privacy management, comprising a computer enterprise server 
arranged to provide a linked collection of interactive resources through which a user is able 
to exchange information with an enterprise that provides the resources, at least some of the 
resources having privacy policies associated therewith regarding use of the information that 
is exchanged through the resources, and to receive information from users who access the 
resources subject to the privacy policies, 

wherein the server is arranged to intercept a request from an application to use the 
information received from the users, and upon receiving the request, to query the 
application to determine compliance of the application with the privacy policies subject to 
which the requested information was received, and to provide the requested information to 
ttie application subject to the compliance of the application widi the privacy policies. 
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96. (New) Apparatus according to claim 95, wherein the collection of interactive 
resources comprises a collection of Web pages accessible through a Web site of the 
enterprise. 

97. (New) Apparatus according to claim 95, wherein the server is arranged to associate 
non-uniform privacy policies with the resources, and to receive and store different items of 
the information subject to different privacy rules from among the non-uniform privacy 
policies. 

98. (New) Apparatus according to claim 97, wherein the server is arranged to check 
the compliance of the application with the privacy rules respectively applicable to each of 
the items of the information requested by the application. 

99. (New) Apparatus according to claim 97, wherein when the server is arranged, upon 
determining that the application does not comply with the rules respectively applicable to a 
given item, to refuse to provide the requested information with respect to the given item, 
while providing other information with respect to which the application does comply with 
the respectively applicable rules. 

100. (New) Apparatus according to claim 95, wherein the server is arranged to receive 
the information from first and second ones of the users subject to respective first and 
second privacy policies, and to check the compliance of the application with both the first 
and the second privacy policies. 

101. (New) Apparatus according to claim 95, wherein the server is adapted to make a 
record of the request and of the information provided responsive thereto in a log for review 
in a subsequent privacy audit. 

102. (New) A computer software product for privacy management, comprising a 
computer-readable medium in which program instructions are stored, which instructions, 
when read by a computer, cause the computer to provide a linked collection of Web pages, 
comprising at least first and second Web pages, on a Web site maintained by an enterprise, 
so as to enable a user to exchange information with the enterprise via the Web pages, and 
to assign respective, non-uniform privacy policies to at least some of the Web pages 
regarding use of the information that is exchanged through the Web pages, the privacy 
policies comprising at least a first privacy policy assigned to the first Web page and a 
second, different privacy policy assigned to the second Web page. 
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wherein the instructions further cause the computer to provide to the user accessing 
the first and second Web pages the respective privacy policies for the first and second Web 
page, and to exchange the information with the user via the Web site subject to the non- 
uniform privacy poHcies, such that at least a first portion of the information is exchanged 
via the first Web page subject to the first privacy policy, and at least a second portion of 
the information is exchanged via the second Web page subject to die second privacy policy. 

103. (New) A product according to claim 102, wherein the information exchanged with 
the user comprises private information submitted to the enterprise by the user, and wherein 
the instructions cause the computer to receive and store the private information together 
with an indication of the privacy policy agreed upon. 

104. (New) A computer software product for privacy management, comprising a 
computer-readable medium in which program instructions are stored, which instructions, 
when read by a computer, cause the computer to arrange a body of information in a 
hierarchy of nodes that comprises a root node, such that each of the nodes except for the 
root node has one or more ancestor nodes in the hierarchy, to assign to each of at least 
some of the nodes one or more respective privacy rules regarding use of the information 
that is associated with the node, 

wherein the instructions cause the computer, in response a request from a user to 
access a given node, to compute a node privacy policy for the given node by combining the 
privacy rules assigned to the given node with node privacy policies of the ancestor nodes of 
the given node in the hierarchy, to provide the computed node privacy policy to the user, 
and to exchange widi the user at least a portion of the information that is associated with the 
given node subject to the provided privacy policy. 

105. (New) A computer software product for privacy management, comprising a 
computer-readable medium in which program instructions are stored, which instructions, 
when read by a computer, cause the computer to provide a linked collection of interactive 
resources tiirough which a user is able to exchange information with an enterprise that 
provides the resources, at least some of the resources having privacy policies associated 
therewith regarding use of the information that is exchanged through the resources, and to 
receive information from users who access the resources subject to the privacy policies, 

wherein the instructions cause the computer to intercept a request from an 
application to use the information received from the users, to query the application to 
determine its compliance with the privacy policies subject to which the requested 
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information was received, and to provide the requested information subject to the 
compliance of the application with the privacy policies. 
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